-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
c6ba4a9
commit f2175d7
Showing
32 changed files
with
498 additions
and
195 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,39 @@ | ||
| +++ | ||
| title = 'Over The Wire - Bandit 0 -> 1' | ||
| date = 2024-08-04T19:51:15+02:00 | ||
| draft = false | ||
| tags = ["cyber security", "bandit", "over the wire"] | ||
| +++ | ||
|
|
||
| # Task | ||
|
|
||
| Find the file `readme` stored in the filesystem. | ||
|
|
||
| SSH: `bandit0@bandit.labs.overthewire.org -p 2220` | ||
|
|
||
| Password: `bandit0` | ||
|
|
||
| # Theory | ||
|
|
||
| After loggin in the remote host you can use a set of commands to understand where are you and what files are in your directory: | ||
| - `pwd` this command show the name of the working directory, the directory you're in right now. | ||
| - `ls` list the files in the current folder, you can add the attribute `-a` to show hidden files, using `-l` instead will show additional information on the files. | ||
| - `cat` read the content of a file and print them to standard output. | ||
|
|
||
| # Solution | ||
|
|
||
| 1. We log in with SSH using the information above. | ||
|
|
||
| 2. Make sure the `readme` file is in the directory. | ||
| ```bash | ||
| bandit0@bandit:~$ ls | ||
| readme | ||
| ``` | ||
|
|
||
| 3. We can read the content of the file. | ||
| ``` | ||
| bandit0@bandit:~$ cat readme | ||
| ZjLjTmM6FvvyRnrb2rfNWOZOTa6ip5If | ||
| ``` | ||
|
|
||
| Now we can move on to the next challenge. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,60 +1,56 @@ | ||
| +++ | ||
| title = 'Over The Wire - Bandit 0' | ||
| date = 2024-08-04T15:45:39+02:00 | ||
| title = 'Overthewire Bandit 0' | ||
| date = 2024-08-04T19:47:52+02:00 | ||
| draft = false | ||
| tags = ["cyber security", "bandit", "over the wire"] | ||
| +++ | ||
|
|
||
| # Introduction | ||
|
|
||
| [OverTheWire](https://overthewire.org/wargames/) is an online platform that provides a series of interactive war games designed to teach and challenge users in various aspects of cybersecurity, programming, and systems administration. These war games cover a diverse range of topics, from basic Linux command line usage to complex cryptography and network exploitation techniques. | ||
| OverTheWire is a free online platform “to learn and practice security concepts in the form of fun-filled games”. It has different, so-called “Wargames”, that deal each deal with an area of security. | ||
|
|
||
| # Bandit 0 | ||
| The first game that is recommended is called Bandit. It is recommended first because it teaches “the basics needed to be able to play other wargames”. This includes mainly basic Linux and Git commands. | ||
|
|
||
| ## Level Goal | ||
| I worked through the levels and decided to write a walkthrough for my blog. There are already walkthroughs on the internet, from different persons and with different solutions. However, I still decided to publish mine, to at the very least get more comfortable with writing and maybe, since my explanations and thought processes may vary from other writers, help someone understand the solutions better. Also, this way future me has a reference to look back at. | ||
|
|
||
| The goal of this level is for you to log into the game using SSH. The host to which you need to connect is `bandit.labs.overthewire.org`, on port `2220`. The username is `bandit0` and the password is `bandit0`. | ||
| I will try to explain the important concepts shortly, however, there is always a lot more we can learn about them. What the game and I would encourage you to do, is research on your own. | ||
|
|
||
| Great, now that you know what this article is about and why I am doing this, let’s start with the walkthrough of Level 0. | ||
|
|
||
| # Bandit Level 0 | ||
|
|
||
| ## Task | ||
|
|
||
| Log into the level with SSH. | ||
|
|
||
| Server: `bandit.labs.overthewire.org` | ||
|
|
||
| Port: `2220` | ||
|
|
||
| Username: `bandit0` | ||
|
|
||
| Password: `bandit0` | ||
|
|
||
| ## Theory | ||
|
|
||
| 1. Introduction to SSH: | ||
| - Definition: SSH or Secure Shell, is a cryptographic network protocol used for secure data communication, remote command-line login, and other secure network services between two networked computers. | ||
| - Purpose: It ensures that the data sent over the network is encrypted, providing confidentiality and integrity of data and secure authentication. | ||
| 2. Understanding SSH Authentication: | ||
| - Authentication mechanisms: SSH supports various authentication methods, including password-based authentication, public key authentication and host based authentication. For this level, the focus is on password-based authentication. | ||
| - Process: WHen using password-based authentication, the client provides a username and password, which the server verifies. If the credentials are correct, access is granted. | ||
| 3. Connecting to a Remote Host Using SSH: | ||
| - Basic Command Structure: The basic syntax for connection to a remote host via SSH is: | ||
| ```bash | ||
| ssh [username]@[hostname] -p [port] | ||
| ``` | ||
| - Parameters: | ||
| - `username`: The username you are logging in with. | ||
| - `hostname`: The remote host’s address (in this case, bandit.labs.overthewire.org). | ||
| - `port`: The port number to connect to (in this case, 2220). | ||
| 4. Common Pitfalls and Troubleshooting: | ||
| - Incorrect Credentials: Ensure that you are using the correct username and password. Typos can lead to authentication failures. | ||
| - Firewall and Network Issues: Ensure that your network allows outbound connections on port `2220`. If you are behind a restrictive firewall, you might need to adjust your network settings. | ||
| This challenge wants us to user SSH, which stands for Secure Shell, is a cryptographic network protocol used to securely access and manage network devices and servers over an insecure network. It provides a secure channel over an unsecured network by using encryption to protect the communication between the client and the server. | ||
|
|
||
| ## Solution | ||
| Key features of SSH include: | ||
| - Secure Remote Login: Allows users to securely log into a remote machine. | ||
| - Command Execution: Enables users to run commands on a remote server. | ||
| - File Transfer: Facilitates secure file transfers through protocols like SCP (Secure Copy Protocol) and SFTP (SSH File Transfer Protocol). | ||
| - Port Forwarding: Supports tunneling of network services over a secure connection. | ||
|
|
||
| To solve this level simply SSH into the remote host with the credentials given in the level goal and find the password for the next level. | ||
| SSH helps ensure that data transmitted between the client and server remains confidential and protected from eavesdropping and tampering. | ||
|
|
||
| ``` | ||
| ~$ ssh bandit0@bandit.labs.overthewire.org -p 2220 | ||
| It is a very common service. So common in fact that it was assigned its own standard port, Port 22. A port is an endpoint that allows your computer to know which service should be accessed - kind of like office room numbers, so you know in which room the person you need to talk to is. | ||
|
|
||
| ~$ ls | ||
| readme | ||
| ## Solution | ||
|
|
||
| ~$ cat readme | ||
| Congratulations on your first steps into the bandit game!! | ||
| Please make sure you have read the rules at https://overthewire.org/rules/ | ||
| If you are following a course, workshop, walthrough or other educational activity, | ||
| please inform the instructor about the rules as well and encourage them to | ||
| contribute to the OverTheWire community so we can keep these games free! | ||
| To solve this challenge first we SSH into the remote machine with the credentials in the Level Goal. | ||
|
|
||
| The password you are looking for is: ZjLjTmM6FvvyRnrb2rfNWOZOTa6ip5If | ||
| ``` | ||
| ~$ ssh bandit0@bandit.labs.overthewire.org -p 2220 | ||
| ``` | ||
|
|
||
| Password: ZjLjTmM6FvvyRnrb2rfNWOZOTa6ip5If | ||
| After typing the password we're in and this is the end of the level 0. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,38 @@ | ||
| +++ | ||
| title = 'Overthewire Bandit 1 2' | ||
| date = 2024-08-04T20:08:05+02:00 | ||
| draft = false | ||
| tags = ["cyber security", "bandit", "over the wire"] | ||
| +++ | ||
|
|
||
| # Task | ||
|
|
||
| Read the content of the file called "-" | ||
|
|
||
| SSH: `bandit1@bandit.labs.overthewire.org -p 2220` | ||
|
|
||
| Password: `ZjLjTmM6FvvyRnrb2rfNWOZOTa6ip5If` | ||
|
|
||
| # Theory | ||
|
|
||
| To read a file with an "unconventional name" such as - we need to use the path of the file `./`. | ||
|
|
||
| # Solution | ||
|
|
||
| 1. We log in to the remote host with the right credentials | ||
|
|
||
| ``` | ||
| ~$: ssh bandit1@bandit.labs.overthewire.org -p 2220 | ||
| ``` | ||
|
|
||
| 2. Search for the file and read it. | ||
|
|
||
| ``` | ||
| bandit1@bandit~$: ls | ||
| - | ||
| bandit1@bandit~$: cat ./- | ||
| 263JGJPfgU6LtdEvgfWU1XP5yac29mFx | ||
| ``` | ||
|
|
||
| We can now proceed to the next challenge. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Large diffs are not rendered by default.
Oops, something went wrong.
Oops, something went wrong.